modiloader | d764c472456716972abf910c9568dffe1301cee889b69f5fee31521bbc950255 | Triage

Submit
Reports

Overview

overview

Static

static

Quotations.xlsx

windows7_x64

Quotations.xlsx

windows10_x64

1

Sharing

General

Target

Quotations.xlsx
Size

1.2MB
Sample

210816-myz8karbrx
MD5

fd084269903ab4b2354aabb96cf46764
SHA1

4f1ebf3cf19d8eb1a53b50bd4eaafff005c628cb
SHA256

d764c472456716972abf910c9568dffe1301cee889b69f5fee31521bbc950255
SHA512

f9b0b387c7ef1d409910826d639e1cea552098ff11eaaf1c6f9485cd06a0c75b9d9247b31dbb4b44845c5077b53a089dbc5ac2a25c43fedfa91cc9ba807b1cef

Score

10^/10

modiloader persistence suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

Quotations.xlsx

Resource

win7v20210410

modiloader persistence suricata trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Quotations.xlsx

Resource

win10v20210408

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  Quotations.xlsx
- Size
  
  1.2MB
- MD5
  
  fd084269903ab4b2354aabb96cf46764
- SHA1
  
  4f1ebf3cf19d8eb1a53b50bd4eaafff005c628cb
- SHA256
  
  d764c472456716972abf910c9568dffe1301cee889b69f5fee31521bbc950255
- SHA512
  
  f9b0b387c7ef1d409910826d639e1cea552098ff11eaaf1c6f9485cd06a0c75b9d9247b31dbb4b44845c5077b53a089dbc5ac2a25c43fedfa91cc9ba807b1cef
Score

10^/10

modiloader persistence suricata trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modifies system executable filetype association
  persistence
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Change Default File Association

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

modiloaderpersistencesuricatatrojan

behavioral2

© 2018-2024

Terms | Privacy